Reference for a vulnerability in atvise server 2.0.0.3291

by Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

This note acts only as a quick and historical reference for a vulnerability I found various months ago (about April/May 2011) in the SCADA software atvise (http://www.atvise.com), exactly in version 2.0.0.3291.

I delayed its publishing due to some missing details about the problem and about the possibility of controlling the resulting code execution.

The developers found and fixed it autonomously but I don't know when and in what exact version.

Reproducing the problem:

  http://aluigi.org/testz/udpsz.zip
  http://aluigi.org/poc/atvise_1.dat

  udpsz -f atvise_1.dat -T -l 500 -X 0x89 16 l 0x1b0 SERVER 4840 -1

Leave it running till the crashing of the server in less than one minute.
In some rare cases the problem could happen when the server gets stopped or restarted.

atvise_1.dat is just a normal connection dump without modifications.

No additional research has been performed and no other details are available.